Check your wysiwyg editors in Drupal to make sure you are running the current version

Drupal presents a false sense of Security when using wysiwyg editors.

The reason I say this is that wysiwyg module can run different editors.  For example fckeditor and ckeditor can be included in the libraries directory which is where wysisyg editor module calls editors from.   It will be located in your drupaldir/sites/all/libraries

 

The drupal framework never checks the libraries directory for versions.  I recently found out that I was running an old version of fckeditor on one of my sites yet drupal never reported an old version since wysiwyg module was up to date. 

I did not check myself because I thought when running my cron job for system status within drupal it was making me aware of all the needed updates.  I was wrong. I had an incident with one of my sites and could never figure out what happened.  I can not say 100% it was the fckeditor but it is highly likely it was since everything else was up to date.  Even if it was not fckeditor this is still an issue Drupal needs to address.  In the meantime I suggest manually checking your fckeditor versions and updating it in the correct path.  At one point in time you would place the editor in the wysiwyg module path so make sure you update it at the libraries path or it will not be updated.